Michael McCabe asked:

Cisco ASA 5510 - Portmap translation issue

Hello Experts,
I need some help.  I'm a novice when it comes to firewalls, and our ASA5510 is spewing information about a portmap translation issue.

Background:
We had a network migration and I'm just now getting back to watch logs and what-not.  The migration was to restructure network subnets and attach to a new WAN fiber.

The ASA is passing traffic, but users have found some slowness in the network which was not there prior to the network migration.  It seems that I've lost my telnet access to the box, but the ASDM connection is still available.  Here is what it is saying.  

[User generated image]

Again I'm not a polished firewall guy, so I'm sure this is something relatively simple.

I have a good handle on the specific IP addresses on my network, and the 10.48.67.3 was an old DC.  The problem is that the DC has been terminated for over a couple of years.  This has shown up just recently after the network migration.

Any ideas?


*Edit*
Attached config (removed any identifiable info)
  config.txt

anoopkmr:

Try after adding the commands below:

nat-control
static (inside,inside) 192.168.0.0  192.168.0.0 netmask 255.255.255.0
static (inside,inside) 10.48.67.3  10.48.67.3 netmask 255.255.255.255
static (inside,inside) 10.0.220.0 10.0.220.0 netmask 255.255.255.0

Michael McCabe (ASKER):

Ok, I'm following.

Should I explicitly state all subnets?  There are roughly 12 other subnets that are on the inside of the ASA.  They are all simply flat /24 networks (listed in the static routes).

I have a set of 3550 switches managing intra-vlan routing.  The 192.160.0.80 is a Cymphonix content filter... which sits between the ASA and the 3550.  It looks like the majority of the portmap errors.
Not that I don't trust you anoopkmr...

Can anyone else verify that this is what I need to do?  These changes will be on my production network, and the commands are a bit foreign to me to only be selecting a couple of my networks and not all.  

Just want to be making the right move the first time.
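
Added example (not part of the original thread, and not code from either poster): a way to check from the firewall's own syslog which inside subnets actually appear in the portmap failures before deciding which ones need entries. The message layout for syslog ID 305006 is assumed, since the thread's screenshot did not survive; the log lines are constructed and reuse addresses quoted above, and the function names are hypothetical.

```python
import re
from collections import Counter
from ipaddress import ip_network

# Assumed layout of ASA syslog 305006; the port is optional (ICMP lines have none).
PORTMAP_RE = re.compile(
    r"%ASA-3-305006: portmap translation creation failed for (?P<proto>\S+) "
    r"src (?P<sif>[^:\s]+):(?P<sip>[\d.]+)(?:/\d+)? "
    r"dst (?P<dif>[^:\s]+):(?P<dip>[\d.]+)(?:/\d+)?"
)

# Constructed sample lines, not taken from the asker's firewall.
SAMPLE_LOG = """\
%ASA-3-305006: portmap translation creation failed for udp src inside:192.168.0.80/40112 dst inside:10.48.67.3/53
%ASA-3-305006: portmap translation creation failed for udp src inside:192.168.0.80/40113 dst inside:10.48.67.3/53
%ASA-3-305006: portmap translation creation failed for tcp src inside:10.0.220.15/51515 dst inside:10.48.67.3/389
%ASA-3-305006: portmap translation creation failed for tcp src inside:192.168.0.80/3311 dst outside:203.0.113.9/80
%ASA-6-302013: Built outbound TCP connection 991 for outside:203.0.113.9/80 (203.0.113.9/80) to inside:192.168.0.80/3311 (198.51.100.2/3311)
"""

def summarize(log_text, prefix=24):
    """Count failures whose source and destination sit on the same interface,
    grouped by (interface, source subnet, destination subnet)."""
    pairs = Counter()
    for line in log_text.splitlines():
        m = PORTMAP_RE.search(line)
        if not m or m["sif"] != m["dif"]:
            continue  # unrelated message, or traffic that crosses interfaces
        src = ip_network(f"{m['sip']}/{prefix}", strict=False)
        dst = ip_network(f"{m['dip']}/{prefix}", strict=False)
        pairs[(m["sif"], str(src), str(dst))] += 1
    return pairs

def subnets_involved(pairs):
    """Distinct subnets seen on either side of a same-interface failure."""
    seen = set()
    for (_, src, dst) in pairs:
        seen.update((src, dst))
    return sorted(seen)

if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for (iface, src, dst), count in result.most_common():
        print(f"{count:5d}  {iface}: {src} -> {dst}")
    print("subnets involved:", ", ".join(subnets_involved(result)))
```

Run against an exported log, the summary shows whether the failures are confined to a few subnets or spread across all of the inside networks.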

ASKER CERTIFIED SOLUTION
anoopkmr

This solution is only available to members.